Skip to main content

Save or Share this Report

For Security & Risk Professionals

Don't Bore Your Executives — Speak To Them In A Language That They Understand

Seven Critical Executive-Level Metrics For CISOs And The Business

July 18, 2011

Primary author headshot


Why Read This Report

The ability to communicate effectively has always been a core competency for any business executive, and today's chief information security officer (CISO) is fast becoming a business executive. The CISO's role is evolving and moving out of IT; its responsibilities and focus are shifting from IT risk to business risk. As with other business executives, the enterprise expects value creation from the CISO. We need a common language for the business and the security organization, and it needs to reflect a communication style that serves the business and the CISO. Program reporting is one important communication method, and formally reporting the value a program contributes to the organization is an important skill. This is especially true when reporting to executives. Adopting the metrics proposed in this report, as part of information security reporting, moves the CISO toward a common language for business.

Get Access

Already a Client?

Log in to read this document.

Become a Forrester Client

Customers are the new market-makers, reshaping industries and changing how businesses compete and win. Success depends on how well and how fast you respond. Forrester Research gives you insights and frameworks aligned to your role to shorten the time between a great idea and a great outcome, helping your teams win in the age of the customer. Contact us to learn more.

Purchase Report

This report is available for individual purchase ($745 USD).


Table of Contents

  • You Report To A Business Executive, But You're Not Using The Language Of One
  • Seven Metrics Categories That Characterize Security In Business Terms

  • You Can't Learn A New Language Instantly, But You Have To Start Somewhere
  • Related Research Documents